Policy —

FBI, intel chiefs decry “deep cynicism” over cyber spying programs

Admit tough questions about things like backdoors have no easy answers.

The directors of the FBI, CIA, NSA, NGO, DIA, and NRO stand for a group picture with Fox News' Catherine Herridge (second from left) and executives of INSA and AFCEA at the conclusion of their panel discussion at the Intelligence & National Security Summit in Washington on September 10.

Share this story

WASHINGTON, DC – On a stage in a ballroom in the Walter Washington Convention Center on September 10, the heads of the United States' intelligence community gathered to talk about the work their agencies perform and the challenges they face—or at least as much as they could in an unclassified environment. But the directors of the Federal Bureau of Investigations, the Central Intelligence Agency, and the National Security Agency also had one particular mission in mind as they took the stage at the Intelligence & National Security Summit, an industry event largely attended by government officials and contractors: stopping the poisoning of the public debate around their missions, and especially around the issue of encryption, by unreasonable haters.

CIA Director John Brennan suggested that negative public opinion and "misunderstanding" about the US intelligence community is in part "because of people who are trying to undermine" the mission of the NSA, CIA, FBI and other agencies. These people "may be fueled by our adversaries," he said.

FBI Director James Comey referred to the backlash against his lobbying for backdoors into encrypted communications provided by the technology industry as "venom and deep cynicism" that are making a rational discussion about what could and should be done nearly impossible.

Further Reading

The "Big Six" of US Intelligence—Comey, Brennan, NSA Director Michael Rogers, Defense Intelligence Agency Director Vincent Stewart, National Geospatial Intelligence Agency (NGA) Director Robert Cardillo, and National Reconnaissance Office Director Betty Sapp—spoke in a panel discussion that concluded the summit. The conversation, in part directed by questions from Fox News intelligence correspondent Catherine Herridge, covered topics ranging from the Office of Personnel Management hack to Russian troops in Syria.

In response to a question submitted by Ars to the panel on how the government could get the global business community to trust encryption that provided a "golden key" to the FBI and the intelligence community, Comey said, "I don't have an easy answer to that. I don't think it's right for the government to come up with the answer alone. We want to get past the crypto war thing—we all care about safety and security. And I support strong encryption—if my SF-86 [the Office of Personnel Management survey filled out by government employees as part of background investigations for security clearances] had been behind strong encryption, maybe someone wouldn't be reading my SF-86 today."

But Comey reiterated his concerns about information from terrorist and criminal cells "going dark because of encryption." He noted that service providers already encrypt content coming from users and then decrypt it on their servers—making it accessible under warrant—and said that he felt that there are ways to provide the same sort of access more broadly. "There may be a thousand different solutions," he said. "We have to get past the venom and the demonization around this."

Comey said that he would be willing to set aside his push if it was shown to be impossible to provide the access but added, "I don't think we've really tried to find answers yet because no one in the private sector has been properly incentivized."

Why all the hate?

The opening statements from Comey and others were focused on that "venom," as the intelligence chiefs—many of whom had just testified that morning with Director of National Intelligence James Clapper on cybersecurity threats before the House Select Intelligence Committee—sought to make it clear that they were speaking largely to help shift the direction of public discourse about the Intelligence Community. Specifically, they want to find ways to end what they perceive as irrational hostility against their agendas.

"I have something on my mind that affects all the work we do as an intelligence community," Comey said in his opening remarks. "I think that citizens should be skeptical of government power. But I fear it's bled over to cynicism. It is something that is getting in the way of reasoned discussion, and I'm very concerned about how to change that trend of cynicism." He sees that cynicism directed toward everyone from law enforcement officers on the beat to the intelligence community at large.

In particular, Comey said, he feels that his push for some way to gain backdoor access to encryption was "met with venom and deep cynicism."

"How do we get to a healthier place in talking about authority?" he asked.

NSA head Rogers said that "we have got to engender a better dialogue" on security issues. "In the end, we serve the citizens of the nation... all the revelations [a reference to Edward Snowden and WikiLeaks] have made life more difficult for us."

He said that there needs to be a way that "we can now get to a collective dialogue" about the role of the intelligence community. "A few years ago, we were talking past each other—it was all good versus bad. But these are complex issues. We need to sit down and talk as a nation about a direction forward. You can't get there if you don't work together, and vilify each other."

When asked about what their agencies were doing to improve how they handled whistleblowers, Rogers, Brennan, and Comey all replied that they were encouraging people with questions to speak up. Comey said that it was essential to make people who felt that something was going on that wasn't right to bring it up, and reward them for doing so. "We as leaders need to celebrate people who raise their hands," Comey explained.

When asked by Herridge how the NSA could repair the public's trust, Rogers said, "I don't think we have fundamentally destroyed the public's trust. Some feel that way, but we are accountable to the citizens of the nation, and the nation is counting on us. The nation needs the insights we generate and our computer expertise."

"It is up to us through our actions to earn the public's trust, and the effort to make the intelligence community's processes more transparent are an effort to do just that," he explained. "Broadly across the [intelligence community], if you look at what we've declassified over the past few years, it's more than I've seen declassified in 30 years as an intelligence professional."

Opening up

On the topic of being more open, the NGA's Cardillo spoke about how his agency is increasingly sharing data with people outside the intelligence community for humanitarian aid purposes, particularly as the agency continues to make use of commercial and open sources of imagery for its mapping and geospatial intelligence missions."We're either on the cusp or in the midst of a revolution" in geospatial intelligence, Cardillo said. "When I was growing up in this business, we operated in the closet, and it was a very expensive business. Today, while much of that is still necessary for key sets of our partners, more and more we're getting a demand to take our success [in mapping and geospatial data] into the open."

At the same time, the NGA and other agencies are increasingly turning to open sources of data to help fill out the picture. As part of the CIA's ongoing reorganization, the agency is creating a "director of digital innovation" role as Internet and digital data sources and activities become more important.

"It's the nature of the world now" that is driving the reliance on social media and other sources for intelligence data, Cardillo said. "Nation states are still a threat, but more and more we are dealing with places without governments, and along with traditional sources [of imagery and data] we have gained the added benefit of social media and other open sources. While that has great potential, it can also be overwhelming. It used to be about hunting for imagery, and today it's more about filtering, gathering, and making sense of the noise."

There are obvious limits to the intelligence community's efforts at openness. A number of Herridge's prepared questions were met with awkward silence and glances among the agency heads. And when Herridge asked who the current top threat to America is, Rogers protested, expressing how "frustrating" that question is. "The answer changes every hour," he said, and added that the biggest problem the agencies face is being able to quickly re-prioritize efforts as each new threat emerges.

Share this story

Sean Gallagher
Sean is Ars Technica's IT and National Security Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland. Emailsean.gallagher@arstechnica.com//Twitter@thepacketrat

At the end of the day, it's a matter of trust in government institutions. Bluntly, the American public doesn't have it, and asking for backdoor's is no way to gain it. What do these guys say... 'Trust, but verify' ?

Would have been a convenient opportunity for the US Marshal's Service to round up the lot and put them in protective custody pending an outcome of an investigation into their complicity of increasingly high crimes against the US Constitution over the last 15 years or so.

P.s. Brennan's "fueled" routine had me keking hard as it sounds as stupidly 1950's as "trust us, we know more about you than you do". For all their efforts, these constitutionally violating clowns haven't anything to show for the freedoms they have criminally stolen from us.

CIA Director John Brennan suggested that negative public opinion and "misunderstanding" about the US intelligence community is in part "because of people who are trying to undermine" the mission of the NSA, CIA, FBI and other agencies. These people "may be fueled by our adversaries," he said.

FBI Director James Comey referred to the backlash against his lobbying for backdoors into encrypted communications provided by the technology industry as "venom and deep cynicism" that are making a rational discussion about what could and should be done nearly impossible.

Is it possible to grant the government backdoors into encryption in an accountable, safe, verifiable, and secure way?

If not - which should have precedence: the US government as protector of the homeland, or the citizen, whose rights may end up trespassed?

FBI Director James Comey referred to the backlash against his lobbying for backdoors into encrypted communications provided by the technology industry as "venom and deep cynicism" that are making a rational discussion about what could and should be done nearly impossible.

Is it possible to grant the government backdoors into encryption in an accountable, safe, verifiable, and secure way?

If not - which should have precedence: the US government as protector of the homeland, or the citizen, whose rights may end up trespassed?

That's basically the question I asked Comey (through the moderator), and he punted, sort of. He said that if it could be proven that it was impossible to have safe backdoors, he'd reconsider his position, but he felt that it hadn't been tried. Really, I think his argument is that he wants all the tech providers to offer PRISM-like access, and make them be the key holders.

if you look at what we've declassified over the past few years, it's more than I've seen declassified in 30 years as an intelligence professional

Maybe because they classified more than ever and are trying to intercept all traffic that they possibly can. It's hard to be sure about the total amount of classified stuff but saying that it is larger now than ever is probably true.

Ways to reduce cynicism:-Stop redefining words to hide your actual actions-Stop hiding behind a secret court that lacks so many of the fundamental protections of our judicial system it can barely be called a court at all to make your actions "legal"-Make public your legal justification for your actions (no details about how you do things or even the details of what you do, just why you do it), and allow a genuine debate over those actions-At least pretend to recognize the Constitutional protections we have against government overreach-Stop actively lying, to the public, to the courts, to Congress, about the tools you use-Acknowledge that requests for privacy are legitimate and not an indicator someone is hiding something-Acknowledge that any increase in surveillance capabilities creates a mandatory reduction in privacy-Respect that some people put the acceptable trade off between intelligence and privacy at different places-Realize that does not make them your enemies

Because otherwise all I hear is "trust us, we know better than you," and an attitude like that in the face of legitimate concerns can ONLY end in cynicism.

Is it possible to grant the government backdoors into encryption in an accountable, safe, verifiable, and secure way?

I would parallel this to the TSA "Master Key" debacle, which could not have had better timing vis-à-vis this debate. The backdoor would remain secret for a while (a few months, maybe), but it would eventually leak, and then all that cyphertext is effectively unencrypted for all time.

FBI Director James Comey referred to the backlash against his lobbying for backdoors into encrypted communications provided by the technology industry as "venom and deep cynicism" that are making a rational discussion about what could and should be done nearly impossible.

Is it possible to grant the government backdoors into encryption in an accountable, safe, verifiable, and secure way?

If not - which should have precedence: the US government as protector of the homeland, or the citizen, whose rights may end up trespassed?

That's basically the question I asked Comey (through the moderator), and he punted, sort of. He said that if it could be proven that it was impossible to have safe backdoors, he'd reconsider his position, but he felt that it hadn't been tried. Really, I think his argument is that he wants all the tech providers to offer PRISM-like access, and make them be the key holders.

But haven't back doors been tried time and again, more recently in crypto, and failed at their purpose? My reading of Schneier's various commentaries gives this understanding.

I keep coming to the conclusion that Comey is a "the process is more important than the goal" kinda guy, and I the community's zeal to avoid going dark, they are willing to act as though the Bill of Rights does not exist. If this is the case, they, through subtle and insidious means, have become that which they were pledged to defend against.

they want to find ways to end what they perceive as irrational hostility against their agendas.

A man living in a bunker in Kansas with sixty machine guns and a locker filled with slaughtered hogs enough to last the coming race war is engaging in irrational hostility against the government. These motherfuckers are taking offense to people pointing out that their dumbass 'agendas' are antithetical to their stated goals, or socially/scientifically goddamn impossible.

In this case, these intelligence heads are more akin to bunker-dwelling Kansasites than the people they believe are irrationally persecuting them.

Quote:

In particular, Comey said, he felt that his push for some way to gain backdoor access to encryption was "met with venom and deep cynicism."

Because its impossible to secure. Someone in the NSA will find a way to copy it and sell it on the black market. Given the NSA's immediate history of administrative incompetence, this is highly believable. People (smarter than I in the ways of cryptographic systems) have also suggested that such a golden key will fundamentally weaken whatever crypto system is produced to include it.

These guys created this situation. They took a flagging and dispirited public trust and spit on it, kicked it, raped it, and now they're complaining about having to foot the metaphorical hospital bill to repair the damage they themselves have done. Only public trust is basically a vegetable now, and its only a matter of time until some kind-hearted angel of death pulls the plug.

Quote:

When asked by Herridge how the NSA could repair the public's trust, Rogers said, "I don't think we have fundamentally destroyed the public's trust. Some feel that way, but we are accountable to the citizens of the nation, and the nation is counting on us. The nation needs the insights we generate and our computer expertise."

You are planning to literally destroy the public's ability to trust by suggesting restrictions on the very framework on the systems that allow electronic commerce to take place. With all these golden keys out there, no one will be able to trust apparently-secure transmissions.

P.s. Brennan's "fueled" routine had me keking hard as it sounds as stupidly 1950's as "trust us, we know more about you than you do". For all their efforts, these constitutionally violating clowns haven't anything to show for the freedoms they have criminally stolen from us.

They could show you, but then they'd have to kill you. That would show you!

FBI Director James Comey referred to the backlash against his lobbying for backdoors into encrypted communications provided by the technology industry as "venom and deep cynicism" that are making a rational discussion about what could and should be done nearly impossible.

Is it possible to grant the government backdoors into encryption in an accountable, safe, verifiable, and secure way?

If not - which should have precedence: the US government as protector of the homeland, or the citizen, whose rights may end up trespassed?

No, it is not possible to have a safe accountable backdoor. Even if the government split the keys with the tech industry, it would neither be safe nor accountable. National Security Letters and FISA warrants would easily turn accountability into a joke. Even assuming this element worked as intended, it would still be irrelevant for criminals. Hackers will be looking for these backdoors. And once you find the backdoor, it is blown wide open for EVERYONE. Suddenly nobody is secure. You can mitigate this by using a different key for every OS and piece of encryption. But the government won't want to hold onto thousands of keys. They want one universal key. So invariably blowing the backdoor wide open will probably open up multiple systems for intrusion.

And of course this ignores that people will still develop real encryption without backdoors. So the criminals will still be using encryption without backdoors.

Seriously, what color is the sky in their world that they would expect anything other than 'deep cynicism'?

They've consistently been caught lying and stalling every step of the way on a veritable alphabet soup of surveillance programs more ambitious than the ones your average paranoid schizophrenic would tell you about; they've been astonishingly arrogant and high-handed(the condescending "Just trust us, it's to protect you from the terrorists..." nonsense is expected; but nothing says 'We totally respect the separation of powers, hahaha!' like the CIA hacking the senate and then lying about it); and for all that they don't even have any successes to point to, unless you count the FBI's pitiful short-bus terrorists who have to be handheld through the first 90% of the plan, and then busted.

If anything, they've gotten of shockingly lightly. Nothing like the Church Commission; we are 'looking forward not backward' RE: our torture program, illegal telco spying was retroactively made legal, etc. The real 'deep cynicism' isn't our response to their demands that we trust their motives; it's the institutional apathy that has paralyzed any attempt to deliver even token justice for their crimes, much less take them out back and shoot them.

CIA Director John Brennan suggested that negative public opinion and "misunderstanding" about the US intelligence community is in part "because of people who are trying to undermine" the mission of the NSA, CIA, FBI and other agencies. These people "may be fueled by our adversaries," he said.

FBI Director James Comey referred to the backlash against his lobbying for backdoors into encrypted communications provided by the technology industry as "venom and deep cynicism" that are making a rational discussion about what could and should be done nearly impossible.

Is it possible to grant the government backdoors into encryption in an accountable, safe, verifiable, and secure way?

If not - which should have precedence: the US government as protector of the homeland, or the citizen, whose rights may end up trespassed?

That's basically the question I asked Comey (through the moderator), and he punted, sort of. He said that if it could be proven that it was impossible to have safe backdoors, he'd reconsider his position, but he felt that it hadn't been tried. Really, I think his argument is that he wants all the tech providers to offer PRISM-like access, and make them be the key holders.

The reason for the push, is that they know they cannot make it safe and secure. Getting it right, without the back doors, has been a herculean task as it is. We're getting daily reminders of the difficulty.

They tortured people, broke the law and got away with it, so yes, I'm a cynical towards them and their stated goals.Maybe if they stopped doing those things, prosecuted the people who did them and then put measures in place to keep it from happening again, I would feel differently.

They see all these reports about terrorist cells communicating via cyphers of various sorts, criminal enterprises using encrypted dark communication paths, and so on. So they have a worldview filled with threats that could be drastically reduced by being able to break into these domains.

As citizens, though, we're not significantly impacted by a bunch of nutjobs planning to blow up the white house or whatever, nor are more than a relative few effected by the actions of various criminal cartels. So we just see the gov't agencies undercutting our Constitutionally-protected (note protected, not granted) rights.

Which makes me think that just maybe they should maybe look outside of their holes occasionally and try to understand exactly why we've gotten so cynical (and make no mistake, we have...but not for the reasons they claim). To butcher a couple of old saws: they've stared into the abyss long enough, maybe they should stop and smell the roses occasionally.

FBI Director James Comey referred to the backlash against his lobbying for backdoors into encrypted communications provided by the technology industry as "venom and deep cynicism" that are making a rational discussion about what could and should be done nearly impossible.

Is it possible to grant the government backdoors into encryption in an accountable, safe, verifiable, and secure way?

If not - which should have precedence: the US government as protector of the homeland, or the citizen, whose rights may end up trespassed?

That's basically the question I asked Comey (through the moderator), and he punted, sort of. He said that if it could be proven that it was impossible to have safe backdoors, he'd reconsider his position, but he felt that it hadn't been tried. Really, I think his argument is that he wants all the tech providers to offer PRISM-like access, and make them be the key holders.

Sure he does, because it gives them cover over holding all the keys themselves. Unfortunately, that "solution" is even WORSE than a central store, because instead of one point of weakness, you have as many points as there are companies using crypto.

Keystore crypto just isn't going to happen short or making all other forms illegal. Good luck with that!

Even IF, in the unlikely situation where existing crypto was made illegal, users would use the good crypto underneath the "approved" crypto, and the snoops won't be able to call someone on it unless they have the goods on them already. If there's no probable cause to get a warrant for the keys, there's no way to know that there's good crypto inside, right?

No, it is not possible to have a safe accountable backdoor. Even if the government split the keys with the tech industry, it would neither be safe nor accountable. National Security Letters and FISA warrants would easily turn accountability into a joke. Even assuming this element worked as intended, it would still be irrelevant for criminals. Hackers will be looking for these backdoors. And once you find the backdoor, it is blown wide open for EVERYONE. Suddenly nobody is secure. You can mitigate this by using a different key for every OS and piece of encryption. But the government won't want to hold onto thousands of keys. They want one universal key. So invariably blowing the backdoor wide open will probably open up multiple systems for intrusion.

These are people who thrive on secrecy and become incestuous because of it. They have no appreciation for the freedoms guaranteed by the constitution. Their focus is safety safety safety at the exclusion of all other things and they have a tendency to move forward with any process which gives them more power whether that power is useful, practical or legal.

We need more Snowdens. We need as many people as possible to tell us, the citizens, the ultimate arbiters, what is going on. This will be a constant struggle to get the intelligence community to follow the rules of our free country - because they can operate in secrecy and therefore towards their own best interests not the interests of all citizens.

CIA Director John Brennan suggested that negative public opinion and "misunderstanding" about the US intelligence community is in part "because of people who are trying to undermine" the mission of the NSA, CIA, FBI and other agencies. These people "may be fueled by our adversaries," he said.

Are they out of their minds? It is fueled by the total lack of respect for the constitution.

They are right but not in the way they think. They are the one who made us the enemy, not the other way around. These agencies pose as much of a threat and a more enduring threat to our freedom and security with less accoutability. Terrorists and criminals will be held responsible and face consequences if they are caught.

"I don't think we have fundamentally destroyed the public's trust. Some feel that way, but we are accountable to the citizens of the nation, and the nation is counting on us. The nation needs the insights we generate and our computer expertise."

These people cannot be serious. I don't even have words for this-- how can someone be this disconnected from reality?

CIA Director John Brennan suggested that negative public opinion and 'misunderstanding' about the US intelligence community is in part 'because of people who are trying to undermine' the mission of the NSA, CIA, FBI and other agencies. These people 'may be fueled by our adversaries,' he said.

So...in a back-handed way he's stating that the citizenry wanting checks and balances on people/agencies that lie to their nominal overseers (e.g. DNI James Clapper before Congress) are "fueled by our adversaries," thereby effectively declaring that we're treasonous malcontents?

Get this absolutely straight, we're not "fueled by our adversaries," at least not the ones he's thinking about; unless you include those that lie to their nominal overseers and thereby undermine the Constitution and its checks-and-balances as "adversaries" as well. If you include those that lie to both the overseers and the constituents they represent as "adversaries," then I suppose we could be considered as "fueled."

What an insane mindset they've assumed; likely the product of living in the "Beltway Bubble" for way, way too long. How can there be ANY checks-and-balances when the overseen lie to the overseers? Answer that question with something other than an excuse, or go to jail for perjury like so many others have done, and they might, just might, start earning back the trust of the people they claim to protect.